<?php
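	// Login handler: checks the posted employee id / password pair against
	// LoginTable over ODBC, then redirects to the home page on success or back
	// to the login form on failure.
	session_start();

	// Credentials sent from the login form: employee id and password.
	// A missing field is treated as an empty string instead of raising a notice.
	$employeeId = isset($_POST['employee_id']) ? $_POST['employee_id'] : '';
	$password = isset($_POST['password']) ? $_POST['password'] : '';

	$authenticated = false;

	// Array-shaped fields (employee_id[]=...) are rejected here so that only
	// scalar strings ever reach the string functions and the query below.
	$inputUsable = is_string($employeeId) && is_string($password);

	if ($inputUsable) {
		// Kept from the original so the compared values do not change; this only
		// makes sense when magic quotes are enabled.
		// NOTE(review): drop once confirmed that no stored credential depends on it.
		$employeeId = stripslashes($employeeId);
		$password = stripslashes($password);

		// odbc_execute() documents that a parameter which starts and ends with a
		// single quote is treated as the name of a file to read. Request data must
		// never be interpreted that way, so such values are a failed login.
		foreach (array($employeeId, $password) as $value) {
			if (strlen($value) >= 2 && $value[0] === "'" && substr($value, -1) === "'") {
				$inputUsable = false;
			}
		}
	}

	if ($inputUsable) {
		// Make connection to database, bail if no connection.
		$connection = odbc_pconnect('utrocks', '', '');
		if (!$connection) {
			// Driver detail goes to the server log only, not to the client.
			error_log('login: ODBC connection failed: ' . odbc_errormsg());
			exit("Connection Failed");
		}

		// Bound parameters replace the previous string-built statement.
		// mysql_real_escape_string() was removed: it escapes for a MySQL link, not
		// for this ODBC data source, so it did not protect the query.
		// NOTE(review): the submitted password is compared directly with the
		// Password column, which suggests it is stored unhashed. Confirm, then
		// migrate to password_hash() / password_verify().
		// NOTE(review): no limit on failed attempts is visible in this file.
		$statement = odbc_prepare(
			$connection,
			"SELECT EmployeeID FROM LoginTable WHERE EmployeeID = ? AND Password = ?"
		);
		if (!$statement || !odbc_execute($statement, array($employeeId, $password))) {
			error_log('login: credential query failed: ' . odbc_errormsg($connection));
			odbc_close($connection);
			exit("Error in SQL");
		}

		// A fetched row means the id / password pair exists.
		$authenticated = (bool) odbc_fetch_row($statement);

		odbc_free_result($statement);
		// Close connection.
		odbc_close($connection);
	}

	if ($authenticated) {
		// Issue a fresh session id at the privilege change so an id that was set
		// before login cannot be reused afterwards (session fixation).
		session_regenerate_id(true);
		// Register the employee id in the session and redirect to the home page.
		$_SESSION['employee_id'] = $employeeId;
		header("location:../../home.php");
	} else {
		header("location:../../login.php?error=0");
	}

	// Stop here so nothing else runs or is emitted after the redirect header.
	exit;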
?>